From eab5d054d5b1180b344b1ec0460b6f602714aa67 Mon Sep 17 00:00:00 2001 From: Weves Date: Wed, 6 Mar 2024 11:47:10 -0800 Subject: [PATCH] Add env variable to control hash rounds --- backend/ee/danswer/auth/api_key.py | 4 +++- backend/ee/danswer/configs/app_configs.py | 10 ++++++++++ deployment/docker_compose/docker-compose.dev.yml | 5 +++++ 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/backend/ee/danswer/auth/api_key.py b/backend/ee/danswer/auth/api_key.py index 37a780ec1..d1ce3b016 100644 --- a/backend/ee/danswer/auth/api_key.py +++ b/backend/ee/danswer/auth/api_key.py @@ -5,6 +5,8 @@ from fastapi import Request from passlib.hash import sha256_crypt from pydantic import BaseModel +from ee.danswer.configs.app_configs import API_KEY_HASH_ROUNDS + _API_KEY_HEADER_NAME = "Authorization" _BEARER_PREFIX = "Bearer " @@ -27,7 +29,7 @@ def generate_api_key() -> str: def hash_api_key(api_key: str) -> str: # NOTE: no salt is needed, as the API key is randomly generated # and overlaps are impossible - return sha256_crypt.hash(api_key, salt="") + return sha256_crypt.hash(api_key, salt="", rounds=API_KEY_HASH_ROUNDS) def build_displayable_api_key(api_key: str) -> str: diff --git a/backend/ee/danswer/configs/app_configs.py b/backend/ee/danswer/configs/app_configs.py index cb29fc7aa..6b576a14e 100644 --- a/backend/ee/danswer/configs/app_configs.py +++ b/backend/ee/danswer/configs/app_configs.py @@ -5,3 +5,13 @@ OPENID_CONFIG_URL = os.environ.get("OPENID_CONFIG_URL", "") # Applicable for SAML Auth SAML_CONF_DIR = os.environ.get("SAML_CONF_DIR") or "/app/ee/danswer/configs/saml_config" + + +##### +# API Key Configs +##### +# refers to the rounds described here: https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha256_crypt.html +_API_KEY_HASH_ROUNDS_RAW = os.environ.get("API_KEY_HASH_ROUNDS") +API_KEY_HASH_ROUNDS = ( + int(_API_KEY_HASH_ROUNDS_RAW) if _API_KEY_HASH_ROUNDS_RAW else None +) 
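Review bot: In `hash_api_key`, passing `rounds=API_KEY_HASH_ROUNDS` while the salt stays fixed at `""` makes the stored hash depend on a deployment setting, since the rounds count feeds into the sha256_crypt digest. If keys are authenticated by re-hashing the presented key and matching it against the stored value (the lookup is not part of this diff), then changing or unsetting the variable after keys have been issued would make every existing key stop matching, with nothing pointing at the cause. I would state that next to the call, e.g. `# NOTE: rounds is part of the hash output; changing API_KEY_HASH_ROUNDS invalidates all previously stored API key hashes`. Recording the rounds used alongside each stored key would allow the value to be changed later without reissuing keys.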
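Review bot: `int(_API_KEY_HASH_ROUNDS_RAW)` in `app_configs.py` accepts any integer, so a value outside the range sha256_crypt allows passes config loading and presumably fails only later, when the first key is hashed. The passlib page linked in the comment gives 1000 as the minimum, so a check at import time such as `if API_KEY_HASH_ROUNDS is not None and API_KEY_HASH_ROUNDS < 1000: raise ValueError("API_KEY_HASH_ROUNDS must be >= 1000")` would surface the misconfiguration at startup. The comment could also say that an unset or empty variable yields `None`, which leaves passlib's default rounds in effect. It is worth noting there that a low value is tolerable only because the key is randomly generated, as the comment in `hash_api_key` states.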
diff --git a/deployment/docker_compose/docker-compose.dev.yml b/deployment/docker_compose/docker-compose.dev.yml index bb432f6f0..ac2d066ef 100644 --- a/deployment/docker_compose/docker-compose.dev.yml +++ b/deployment/docker_compose/docker-compose.dev.yml @@ -86,6 +86,11 @@ services: # (time spent on finding the right docs + time spent fetching summaries from disk) - LOG_VESPA_TIMING_INFORMATION=${LOG_VESPA_TIMING_INFORMATION:-} - LOG_ENDPOINT_LATENCY=${LOG_ENDPOINT_LATENCY:-} + # Enterprise Edition only + - API_KEY_HASH_ROUNDS=${API_KEY_HASH_ROUNDS:-} + volumes: + - local_dynamic_storage:/home/storage + - file_connector_tmp_storage:/home/file_connector_storage extra_hosts: - "host.docker.internal:host-gateway" logging:
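Review bot: The `volumes:` block added right after the `API_KEY_HASH_ROUNDS` entry is not mentioned in the commit subject and looks unrelated to hash rounds, so it would be easier to review and revert as a separate commit. The variable is also added to only one service's environment in this hunk; the service name sits above the hunk and is not visible here. If more than one container hashes or validates API keys, each of them needs the same `API_KEY_HASH_ROUNDS` value, because a different rounds count produces a different hash for the same key.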